
Split current documentation in multiple files

main
Miraty 12 months ago
parent
commit
14ca097799
  1. README.md (37)
  2. certbot.md (5)
  3. config/knot.conf (0)
  4. config/nginx/dhparam (0)
  5. config/nginx/inc/errors.conf (0)
  6. config/nginx/inc/fastcgi.conf (0)
  7. config/nginx/inc/intermediate.conf (0)
  8. config/nginx/inc/modern.conf (0)
  9. config/nginx/inc/niver-csp.conf (0)
  10. config/nginx/inc/security.conf (0)
  11. config/nginx/mimetypes/full.conf (0)
  12. config/nginx/mimetypes/strict.conf (0)
  13. config/nginx/nginx.conf (0)
  14. config/nginx/sites/niver.atope.art.conf (0)
  15. config/php-fpm/errors.conf (0)
  16. config/php-fpm/niver.conf (0)
  17. config/share/banner.txt (0)
  18. config/share/knot.template (0)
  19. config/share/nginx/dns.template (0)
  20. config/share/nginx/onion.template (0)
  21. config/share/skel/about.txt (0)
  22. config/sshd_config (0)
  23. gmnisrv.md (52)
  24. install.md (144)
  25. knot.md (7)
  26. maniver.md (21)
  27. nginx.md (12)
  28. niver-php.md (11)
  29. openssh.md (6)
  30. php.md (5)
  31. quota.md (9)
  32. tor.md (10)
  33. twins.md (8)
  34. ufw.md (11)

37
README.md

@ -1,3 +1,36 @@
# Niver configuration
# Niver
This repository contains configuration files required by Niver or it's dependencies.
Niver's sources ares split between 3 repositories:
* [`system`](https://code.antopie.org/Niver/system): Documentation and configuration files you'll need to setup a Niver server
* [`niver-php`](https://code.antopie.org/Niver/niver-php): The Web interface in PHP
* [`maniver`](https://code.antopie.org/Niver/maniver): The Rust privileged program to do root actions from niver-php
## Installation
Install Debian 11 (bullseye) <https://www.debian.org/>.
The following steps assumes you've done the following:
```
# apt install sudo git
# git clone https://code.antopie.org/Niver/system /root/niver-system
```
1. [ufw.md](ufw.md) UFW (optionnal, not required for a working setup)
2. [openssh.md](openssh.md) OpenSSH
3. [quota.md](quota.md) Quota
4. [knot.md](knot.md) Knot DNS
5. [tor.md](tor.md) Tor
6. [twins.md](twins.md) Twins
7. [nginx.md](nginx.md) Nginx
8. [certbot.md](certbot.md) Certbot
9. [php.md](php.md) PHP-FPM
10. [maniver.md](maniver.md) maniver
11. [niver-php.md](niver-php.md) niver-php
## Create system users
```
# useradd -U -r -s /usr/sbin/nologin <username>
```
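Review bot: The numbered installation list omits gmnisrv.md, which this commit adds alongside the other per-service files, so a reader following the README never reaches those steps. Add an entry for it or say why it is left out. The "Create system users" block still shows only `<username>`, while maniver.md and niver-php.md rely on a `php-niver` user and group, so name the accounts that have to exist. Spelling in the added lines: "sources ares split" and "optionnal".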

5
certbot.md

@ -0,0 +1,5 @@
# Certbot
```
# apt install certbot python3-certbot-nginx
```

0
knot.conf → config/knot.conf

0
nginx/dhparam → config/nginx/dhparam

0
nginx/inc/errors.conf → config/nginx/inc/errors.conf

0
nginx/inc/fastcgi.conf → config/nginx/inc/fastcgi.conf

0
nginx/inc/intermediate.conf → config/nginx/inc/intermediate.conf

0
nginx/inc/modern.conf → config/nginx/inc/modern.conf

0
nginx/inc/niver-csp.conf → config/nginx/inc/niver-csp.conf

0
nginx/inc/security.conf → config/nginx/inc/security.conf

0
nginx/mimetypes/full.conf → config/nginx/mimetypes/full.conf

0
nginx/mimetypes/strict.conf → config/nginx/mimetypes/strict.conf

0
nginx/nginx.conf → config/nginx/nginx.conf

0
nginx/sites/niver.atope.art.conf → config/nginx/sites/niver.atope.art.conf

0
php-fpm/errors.conf → config/php-fpm/errors.conf

0
php-fpm/niver.conf → config/php-fpm/niver.conf

0
share/banner.txt → config/share/banner.txt

0
share/knot.template → config/share/knot.template

0
share/nginx/dns.template → config/share/nginx/dns.template

0
share/nginx/onion.template → config/share/nginx/onion.template

0
share/skel/about.txt → config/share/skel/about.txt

0
sshd_config → config/sshd_config

52
gmnisrv.md

@ -0,0 +1,52 @@
# gmnisrv
```
# apt install git make pkg-config libssl-dev scdoc
$ git clone https://git.sr.ht/~sircmpwn/gmnisrv # Download gmnisrv sources
$ mkdir gmnisrv/build
$ cd gmnisrv/build
$ ../configure --prefix=/usr # Check gmnisrv dependencies and setup files needed for building
$ make # Build gmnisrv
# make install # Install gmnisrv binary and manpages on the system
# useradd -U -r -s /usr/sbin/nologin gmnisrv # Add the gmnisrv system user and group
# vim /etc/systemd/system/gmnisrv.service
```
```
[Unit]
Description=Gmnisrv, a Gemini server
After=network.target
Wants=network.target
[Service]
Type=simple
ExecStart=/usr/local/bin/gmnisrv
Restart=always
User=gmnisrv
Group=gmnisrv
WorkingDirectory=/srv/ht
[Install]
WantedBy=multi-user.target
```
```
# systemctl daemon-reload
# mkdir -p /srv/gmi/niver.4.niv.re
# echo "This is a testing Gemini capsule" > /srv/gmi/niver.4.niv.re/index.gmi
# mkdir /var/lib/gemini
# chmod -R 700 /var/lib/gemini
# chown -R gmnisrv:gmnisrv /var/lib/gemini
# vim /etc/gmnisrv.ini
```
```
# Space-separated list of hosts
listen=0.0.0.0:1965 [::]:1965
[:tls]
# Path to store certificates on disk
store=/var/lib/gemini
[niver.4.niv.re]
root=/srv/gmi/niver.4.niv.re
```
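Review bot: `../configure --prefix=/usr` and `ExecStart=/usr/local/bin/gmnisrv` disagree about where the binary lives; a build configured with that prefix is expected to install under /usr rather than /usr/local, so the unit would fail to start. Make the prefix and ExecStart agree. `WorkingDirectory=/srv/ht` also differs from the /srv/gmi tree created further down, and nothing after `systemctl daemon-reload` enables or starts the service.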

144
install.md

@ -1,144 +0,0 @@
# Niver setup on Debian 11 (bullseye)
```
# apt install tor knot openssh-server sudo nginx certbot python3-certbot-nginx php7.4-fpm php-sqlite3 quota
```
## Create system users
```
# useradd -U -r -s /usr/sbin/nologin <username>
```
## Twins
```
$ wget https://golang.org/dl/go1.16.7.linux-amd64.tar.gz -o go.tar.gz
$ tar -xf go.tar.gz
$ go/bin/go get code.rocketnine.space/tslocum/twins
$ cp go/bin/twins /usr/local/bin/
```
## maniver
Installation
```
# apt install gcc git
$ git clone https://code.antopie.org/Niver/maniver && cd maniver
$ curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
$ cargo build --release
# cp target/release/maniver /usr/local/bin/
# chown root:php-niver /usr/local/bin/maniver
# chmod 750 /usr/local/bin/maniver
```
Update
```
$ git fetch
$ rustup update
$ cargo update
$ cargo build --release
# cp target/release/maniver /usr/local/bin/
```
## gmnisrv
```
# apt install git make pkg-config libssl-dev scdoc
$ git clone https://git.sr.ht/~sircmpwn/gmnisrv # Download gmnisrv sources
$ mkdir gmnisrv/build
$ cd gmnisrv/build
$ ../configure --prefix=/usr # Check gmnisrv dependencies and setup files needed for building
$ make # Build gmnisrv
# make install # Install gmnisrv binary and manpages on the system
# useradd -U -r -s /usr/sbin/nologin gmnisrv # Add the gmnisrv system user and group
# vim /etc/systemd/system/gmnisrv.service
```
```
[Unit]
Description=Gmnisrv, a Gemini server
After=network.target
Wants=network.target
[Service]
Type=simple
ExecStart=/usr/local/bin/gmnisrv
Restart=always
User=gmnisrv
Group=gmnisrv
WorkingDirectory=/srv/ht
[Install]
WantedBy=multi-user.target
```
```
# systemctl daemon-reload
# mkdir -p /srv/gmi/niver.4.niv.re
# echo "This is a testing Gemini capsule" > /srv/gmi/niver.4.niv.re/index.gmi
# mkdir /var/lib/gemini
# chmod -R 700 /var/lib/gemini
# chown -R gmnisrv:gmnisrv /var/lib/gemini
# vim /etc/gmnisrv.ini
```
```
# Space-separated list of hosts
listen=0.0.0.0:1965 [::]:1965
[:tls]
# Path to store certificates on disk
store=/var/lib/gemini
[niver.4.niv.re]
root=/srv/gmi/niver.4.niv.re
```
## SFTP
```
# groupadd ht
```
## Quota
```
# quotacheck -cm /
# vim /etc/fstab
```
UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx / ext4 usrquota,grpquota,errors=remount-ro 0 1
## Knot DNS
```
# sudo -u knot knotc conf-init
# sudo -u knot knotc conf-import <path to default niver knot conf>
```
## Nginx
Generate a self-signed certificate for default Nginx site.
```
# openssl req -subj '/' -new -newkey RSA:3072 -days 3650 -nodes -x509 -keyout /etc/ssl/private/niver.key -out /etc/ssl/certs/niver.crt
```
## Niver-PHP
```
# chown -R root:root /usr/local/share/niver
# chmod -R u=rwX,go=rX /usr/local/share/niver
# mkdir /etc/nginx/ht
# chown -R php-niver:php-niver /etc/nginx/ht
# chmod -R 775 /etc/nginx/ht
```
Increase `session.gc_maxlifetime` in /etc/php/7.4/fpm/php.ini to avoid sessions being cleared too soon.
## Tor
This command only exist on Debian
```
# tor-instance-create niver
```

7
knot.md

@ -0,0 +1,7 @@
# Knot DNS
```
# apt install knot
# sudo -u knot knotc conf-init
# sudo -u knot knotc conf-import <path to default niver knot conf>
```
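Review bot: `<path to default niver knot conf>` can be made concrete now that the file moves to config/knot.conf and the README clones the repository to /root/niver-system; as written the reader has to work out the path. Also check that the `knot` user can read a file under /root, since both commands run through `sudo -u knot`.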

21
maniver.md

@ -0,0 +1,21 @@
# maniver
Installation
```
# apt install gcc
$ git clone https://code.antopie.org/Niver/maniver && cd maniver
$ curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
$ cargo build --release
# cp target/release/maniver /usr/local/bin/
# chown root:php-niver /usr/local/bin/maniver
# chmod 750 /usr/local/bin/maniver
```
Update
```
$ git fetch
$ rustup update
$ cargo update
$ cargo build --release
# cp target/release/maniver /usr/local/bin/
```

12
nginx.md

@ -0,0 +1,12 @@
# Nginx
```
# apt install nginx libnginx-mod-http-headers-more-filter
```
`libnginx-mod-http-headers-more-filter` is required in order to make `more_set_headers` instructions work
Generate a self-signed certificate for default Nginx site.
```
# openssl req -subj '/' -new -newkey RSA:3072 -days 3650 -nodes -x509 -keyout /etc/ssl/private/niver.key -out /etc/ssl/certs/niver.crt
```

11
niver-php.md

@ -0,0 +1,11 @@
# Niver-PHP
```
# chown -R root:root /usr/local/share/niver
# chmod -R u=rwX,go=rX /usr/local/share/niver
# mkdir /etc/nginx/ht
# chown -R php-niver:php-niver /etc/nginx/ht
# chmod -R 775 /etc/nginx/ht
```
Increase `session.gc_maxlifetime` in /etc/php/7.4/fpm/php.ini to avoid sessions being cleared too soon.
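Review bot: `chmod -R 775 /etc/nginx/ht` sets the execute bit on every regular file and leaves the tree world-readable, unlike the `u=rwX,go=rX` form used two lines above; a symbolic mode such as `ug=rwX,o=rX` would avoid the stray execute bits. The directory sits under /etc/nginx and is owned by php-niver, so the doc should state what the web interface writes there. The hunk also never says how /usr/local/share/niver gets populated before the chown.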

6
openssh.md

@ -0,0 +1,6 @@
# OpenSSH
```
# apt install openssh-server
# groupadd ht
```
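Review bot: `groupadd ht` appears with no explanation now that the "## SFTP" heading from install.md is gone, and the file never says to install config/sshd_config, which this commit moves. Add one line on what the ht group is for, plus the step that puts config/sshd_config in place and reloads sshd.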

5
php.md

@ -0,0 +1,5 @@
# PHP
```
# apt install php7.4-fpm php-sqlite3
```

9
quota.md

@ -0,0 +1,9 @@
# Quota
```
# apt install quota
# quotacheck -cm /
# vim /etc/fstab
```
UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx / ext4 usrquota,grpquota,errors=remount-ro 0 1
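Review bot: `quotacheck -cm /` comes before the fstab edit that adds `usrquota,grpquota`, and nothing after the edit remounts / or turns quotas on, so as written the options do not take effect until a reboot. Suggested order: edit fstab, remount /, then run quotacheck and `quotaon`. Since fstab asks for grpquota as well, quotacheck needs `-ug`; without a type flag it handles user quotas only. The fstab line would also read better inside a fenced block like the commands.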

10
tor.md

@ -0,0 +1,10 @@
# Tor
`tor-instance-create` is specific to Debian
```
# apt install tor
# tor-instance-create niver
# systemctl start tor@niver
# systemctl enable tor@niver
```

8
twins.md

@ -0,0 +1,8 @@
# Twins
```
$ wget https://golang.org/dl/go1.16.7.linux-amd64.tar.gz -o go.tar.gz
$ tar -xf go.tar.gz
$ go/bin/go get code.rocketnine.space/tslocum/twins
$ cp go/bin/twins /usr/local/bin/
```
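Review bot: `wget ... -o go.tar.gz` uses lowercase `-o`, which tells wget to write its log to go.tar.gz; the archive itself is saved under its original name, so `tar -xf go.tar.gz` fails. This should be `-O go.tar.gz`. The tarball is also extracted without checking its published SHA256 checksum, and `cp go/bin/twins /usr/local/bin/` is shown with a `$` prompt although writing to /usr/local/bin needs root.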

11
ufw.md

@ -0,0 +1,11 @@
# Firewall
```
# apt install ufw
# ufw allow in 22 # SSH
# ufw allow in 53 # DNS
# ufw allow in 80 # Display an error message for unsecure HTTP
# ufw allow in 443 # HTTPS
# ufw allow in 1965 # Gemini
# ufw enable
```
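Review bot: The allow rules give bare port numbers, which opens each port for both TCP and UDP; only DNS on 53 needs both here, so the others can be written as `22/tcp`, `80/tcp`, `443/tcp` and `1965/tcp`. For SSH, `ufw limit 22/tcp` would add rate limiting on the one administrative port. The heading is "Firewall" while the README lists this file as UFW; pick one.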